Applicant : Joseph Barrett et al. Attorney's Docket No.: 06975-1310017 Security 08 

Serial No. : 09/666, 140 

Filed : September 20, 2000 

Page : 14 of 19 

REMARKS 

Applicants request reconsideration and allowance in view of the following remarks. 
Claims 1, 3, 4, 6-45 are pending, with claims 1, 15, and 25 being independent. Support for the 
claim amendments and new claims may be found throughout tjie application, for example, at 
page 7, line 10 through page 1 1, line 30. No new matter has been added. 

interview Summary 

Applicants wish to thank Examiner Nguyen for the courtesy extended to Applicants' 
representative during the telephone interview on August 30, 2007. This reply. reflects; the 
substance o f the interview. 

Eichstaedt in view of Short Re jection 

Claims 1, 3, 4, and 6-37 have been rejected as being unpatentable over Eichstaedt (U.S. 
Patent Number 6,662,230) in view of Short (U.S . Patent Number 6,636,894). Applicants 
respectfully request reconsideration and withdrawal of this rejection because neither Eichstaedt, 
Short, nor any proper combination of the two describe or suggest the features of independent 
claims 1, 15, and 25, as described below. 

For example, independent claim 1 recites, inter alia , monitoring for connection 
transactions between multiple access requestors and access providers using a switching 
component connected to the access providers and denying access by an attacking access 
requestor to. the access providers when a number of connection transactions initiated by the 
attacking accessrequestor through the switching component exceeds a configurable threshold 
number during a first configurable period of time. Applicants submit that neither Eichstaedt, 
Short, nor any proper combination of the two describe or suggest at least these features. 

In contrast, as discussed in prior responses, Eichstaedt describes a data protection system 
11 that monitors for connection transactions between multiple access requestors (e.g., client 
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computers 12 and 14) and a single access provider (e.g., web server 18). 1 In particular, 
Eichstaedt's data protection system monitors for connection transactions between the client 
computers 12 and 14 and the web server 18 for limiting the access by the client computers 12 
and 14 to data objects accessed through the web server 18. Col. 6, lines 20-22, To do so, the 
data protection system 11 detects requests from the client computers 12 and 14 to the web server 
18 and analyzes the requests. Col. 5, lines 25-30. If the requests meet certain criteria, they are 
forwarded by the data protection system 1 1 to the web server 1 8, which accesses the database 20 
when formulating a response to the requests. Col. 6, lines 35-37. As such, the technology 
described by Eichstaedt protects a single web server, web server 18, from abusive clients seeking 
to make requests too frequently, or seeking to otherwise absorb too much of the web server's 18 
resources. Col. 3, lines 45-49. However,. Eichstaedt does not describe or suggest monitoring for 
connection transactions between multiple access requestors and access providers using a 
switching component connected to the access providers and denying access by an attacking 
access requestor to the access providers when a number of connection transactions initiated by 
the attacking access requestor through the switching component exceeds a configurable threshold 
number during a first configurable period of time, as recited in independent claim 1. 

Notably, the Office Action of May 2, 2007 concedes that Eichstaedt does not describe or 
suggest monitoring connection transactions with a plurality of access providers. See Office 
Action of May 2, 2007 at page 3. The Office Action relies on Short for this feature. 

Applicants respectfully submit that Short fails to remedy the deficiencies of Eichstaedt. 
Specifically, as shown in Fig. I, Short describes a computer system 10 including a gateway 
device 12 and a router 18 that enable a plurality of computers 14 access to a plurality networks 
20 or other online services 22. Col. 6, lines 9-45. Although Short may describe a computer 
system that provides multiple, user computers access to a plurality of networks, Short fails to 
describe or suggest monitoring fpr connection transactions between the multiple user computers 
and the plurality of networks using a switching component and denying access by one of the user 
computers to the plurality of networks when a number of connection transactions initiated by the 
user computer through the switching component exceeds a configurable threshbld number during 

1 Applicant does not concede that Eichstaedt "monitors for connection transactions;" however, for sake of simplicity 
of comparing the technology taught by Eichstaedt with the subject matter of claim 1 , Applicant assumes that 
Eichstaedt monitors for connection transactions, as recited in claim 1 . 
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a first configurable period of time. Instead, Short merely describes facilitating connections to a 
plurality of networks of online services without monitoring the connections and denying access 
when the number of the connections exceeds a threshold. Thus, Short fails to describe or suggest 
monitoring for connection transactions between multiple access requestors and access providers 
using a switching component connected to the access providers and denying access by an 
attacking access requestor to the access providers ; when a number of connection transactions 
initiated by the, attacking access requestor through the switching component exceeds a 
configurable threshold number during a first configurable period of time, as recited in 
independent claim 1. 

During the telephone interview of August 30, 2007, Examiner Nguyen indicated that a 
combination of Eichstaedt and Short meets the limitations of independent claim 1 because the 
proposed combination would include a plurali ty of the web servers described in Eichstaedt to 
which user computers could connect. Even assuming, arguendo, that a proper combination of 
Eichstaedt and Short includes a plurality of the web servers described in Eichstaedt, Applicants 
respectfully disagree that the proposed combination meets the limitations of independent claim 1. 

In particular, assuming that a proper combination of Eichstaedt and Short includes a 
plurality of the web servers, Applicants s ubmit that, in the proposed combination* each of the 
plurality of Eichstaedt web servers would act in a manner similar to the web server described in 
Eichstaedt As discussed above, the web server 18 of Eichstaedt monitors for connection 
transactions between multiple client computers 1 2 and 14 and the: single web server 18 and 
protects Only the single web server 1 8 from abusive clients that request objects from the single 
web server 1 8 too, frequently. Therefore, in the proposed combination, each single web server 
would monitor its own connection transactions without regard for connection transactions of 
other web servers. Accordingly, each specific web server included in the proposed combination 
would deny access to a requestor only when the specific web server has detected a number of 
connection transactions to the specific web server that exceeds a threshold: Based on the 
teachings of Eichstaedt, none of the web servers would monitor connection transactions between 
multiple access requestors and access providers, as claimed. Therefore, even if the proposed 
combination were made, it would fail to describe or suggest monitoring for connection 
transactions between multiple access requestors and access providers using a switching 



Applicant : Joseph Barrett et al. Attorney 's Docket No.: 66975-1 3 100.1 / Security . 08 

SerialNo. : 09/666,140 

Filed : September 20, 2000 

Page :. 17 of 19 

component connected to the access providers and denying access by an attacking access 
requestor to the access providers when a number of connection transactions initiated by the 
attacking access requestor. through the switching component exceeds a configurable: threshold 
number during a first configurable period oftime, as recited in independent claim 1. 

The impact of differences ; between the technology in the proposed combination of 
Eichstaedt and Short and the subject matter of cliaim 1 is perhaps best illustrated by an example. 
If a particular client computer is making too many requests (above the set threshold) to a specific 
web server, then the web server will recognize that the client computer's requests passes the set 
threshold and will refuse the client computer access to the specific web server. Now assume, that 
the client computer makes many requests (but less than a threshold), to a first web server and that 
the client computer concurrently makes many requests (but less than the threshold) to a second 
web server. The first web server : will recognize, that the client computer's requests to the first 
web server do not exceed the set threshold, and the second web server will recognize that the 
client computer's requests to the second web server also do not exceed the set threshold. 
Therefore, both the first web server and the second web server will allow the client computer 
continued access, even if the total aggregated number of the client computer's requests to the 
first web server and the second web server exceeds the set threshold. That is, the first web server 
makes access decisions for the first web server without regard for the client computer's 
interactions with the second web; server (or any other web server). 

By contrast, the subject matter of claim 1 would take into account the interactions of the 
client computer with both the first and second web server. And, if the total number of the client 
computer's requests passes the set threshold, irrespective of to which server the requests are 
directed;-, the client computer will be denied access to both the first web server and second web 
server. 

Accordingly, the proposed combination of Eichstaedt and Short fails to describe or 
suggest monitoring for connection transactions between multiple access requestors arid access 
providers using a switching component connected to the, access providers and denying, access by 
an attacking access requestor to the access providers when a number of connection transactions 
initiated by the attacking access requestor through the switching component exceeds a 
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configurable threshold number during a first configurable, period of time, as recited in 
independent claim 1 . 

For at least these reasons, Applicants respectfully request reconsideration and withdrawal 
of the rejection of independent claim 1 along with its dependent claims. 

Independent claims 15 arid 25, although different in scope than independent claim 1 and 
each other, recite features similar, to the above recited features of independent claim 1. 
Accordingly, Applicants respectfully request reconsideration and withdrawal of the rejection of 
independent claims 15 arid 25, along with their dependent claims, for at least the reasons 
presented above with respect to independent claim 1. 

New Claims 

New claims 38-45 each depend directly or indirectly from independent claim 1. At least 
for the reason of that dependency arid the reasons noted above with respect to independent claim 
1, Applicants submit that claims 38-45 are allowable. 

Conclusion 

It is believed that all of the pending issues, have been addressed. However, the absence of 
a reply to a specific rejection, issue or comment does riot signify agreeirierit with or concession 
of that rejection, issue or comment. In addition, because the arguments made above may not be 
exhaustive, there may be reasons for patentability of any or all pending claims (or other claims) 
that have not been expressed. Finally, nothing in this reply should be construed as an intent to 
concede any issue with regard to any claim, except as specifically stated in this reply, and the 
amendment of any claim does not necessarily signify concession of unpatentability of the claim 
prior to its amendment. 

Applicants submit that all claims are in condition for allowance. 

Pursuant to 3 7 CFR §1 . 1 36, Applicants hereby petition that the period for response to the 
non-final Office action dated May 2, 2007 be extended for one month to and including 
September 2, 2007. September 2, 2007 is a Sunday and Monday; September 3, 2007 is a federal 
holiday in which the United States Patent and Trademark Office is closed. 
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The fee in the . amount of $470;00 in payment of the excess claim fees ($350) and the one- 
month extension of time fee ($120) is being paid concurrently herewith on the.Eleetronic Filing 
System (EFS) by way of Deposit Account authorization. Please apply any overcharges or 
credits to deposit account 06-1050. 

Respectfully submitted, 
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